Gitlab安装教程参考:Linux下安装GitLab仓库,史上最详细的教程来啦~ – 源码巴士
安装完成后,发现和服务器中原有的Nginx冲突,80、443端口被占用。
解决办法:禁止启动Gitlab内嵌的nginx服务,设置配置文件按某端口进行启动
具体步骤:
1. 修改/etc/gitlab/gitlab.rb 配置文件:修改前先备份一份
external_url 'http://yourhostname'
gitlab_rails['trusted_proxies'] = ['127.0.0.1']
gitlab_workhorse['listen_network'] = "tcp"
#指定按某个端口进行启动,事先确保该端口未被占用
gitlab_workhorse['listen_addr'] = "127.0.0.1:8021"
web_server['external_users'] = ['www'] #gitlab nginx所在的用户
nginx['enable'] = false
2. Gitlab重新加载配置文件:
sudo gitlab-ctl reconfigure
3. 重启Gitlab
sudo gitlab-ctl restart
4. 访问:如果在服务器外访问,请确保8021端口已加入防火墙开放端口列表中
curl http://127.0.0.1:8021
#如果出现以下提示,说明成功
<html><body>You are being <a href="http://127.0.0.1:8021/users/sign_in">redirected</a>.</body></html>
5. 配置Nginx,使用域名访问:
server {
listen 80;
server_name yourhostname;
location / {
return 301 https://yourhostname:443$request_uri;
}
proxy_set_header Host $http_host_with_default;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Proto https;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
}
server {
listen 443 ssl;
server_name yourhostname;
root html;
index index.html index.htm;
ssl_certificate cert/yourhostname.pem;
ssl_certificate_key cert/yourhostname.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers off;
add_header Strict-Transport-Security "max-age=63072000";
proxy_hide_header Referrer-Policy;
add_header Referrer-Policy strict-origin-when-cross-origin;
if ($http_host = "") {
set $http_host_with_default "yourhostname";
}
if ($http_host != "") {
set $http_host_with_default $http_host;
}
proxy_read_timeout 3600;
proxy_connect_timeout 300;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $http_host_with_default;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Forwarded-Ssl on;
proxy_set_header X-Forwarded-Proto https;
location / {
proxy_pass http://127.0.0.1:8021;
}
}
6. 预期结果:
访问http://yourhostname和https://yourhostname 都会自动跳转到https://yourhostname/users/sign_in 就代表成功